CN105812136A - Update method, update system and security authentication device - Google Patents

Info

Publication number
CN105812136A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410844587.4A
Other languages
Chinese (zh)
Inventor
陈锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing WatchData System Co Ltd
Beijing WatchSmart Technologies Co Ltd
Original Assignee
Beijing WatchSmart Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing WatchSmart Technologies Co Ltd filed Critical Beijing WatchSmart Technologies Co Ltd
Priority to CN201410844587.4A priority Critical patent/CN105812136A/en
Publication of CN105812136A publication Critical patent/CN105812136A/en
Pending legal-status Critical Current

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides an update method, an update system and a security authentication device. After the security authentication device receives an update command, the device generates a certificate request by using a certificate renewal key preset in the security authentication device. The device then uses the certificate request to apply for a certificate from a security authentication server. Since the certificate request is generated based on the certificate renewal key preset in the security authentication device, the certificate request is encrypted inside the security authentication device. Moreover, the security authentication device itself is capable of resisting attacks and avoiding key leakage, so the certificate request generated by the security authentication device has higher security. Therefore, the risk that the certificate request is tampered with is lowered, and the security of the update process is improved.

Description

An update method and system, and a security authentication device
Technical field
The present application relates to the field of electronic information, and in particular to an update method and system and a security authentication device.
Background
With the growing number of online banking users, the certificates of the security authentication devices (such as online banking shields) issued by banks are usually valid for 3 or 5 years. When the certificate of a customer's security authentication device has expired or is about to expire, the user usually has to connect to the bank's online system and complete the certificate update before the security authentication device can be used normally.
During the update process, even if the certificate request generated by the client (P10 for short) has been illegally tampered with, for example because the public and private keys used to generate the P10 information are known to an attacker, the online banking server is not aware of it. The online banking server therefore still issues a valid certificate to the security authentication device being updated. In that case, the security authentication device has lost its guarantee of security in subsequent use.
How to improve the security of the security authentication device during the update process has therefore become a problem that urgently needs to be solved.
Summary of the invention
The present application provides an update method and system and a security authentication device, with the aim of solving the problem of how to improve the security of a security authentication device during the update process.
To achieve this aim, the present application provides the following technical solutions:
An update method, including:
A security authentication device receives a certificate update instruction;
The security authentication device, according to the certificate update instruction, generates a certificate request using a certificate renewal key preset in the security authentication device;
The security authentication device sends the certificate request, the certificate request being used to apply for a certificate from a security authentication server.
Optionally, the security authentication device generating a certificate request using the preset certificate renewal key according to the certificate update instruction includes:
The security authentication device, according to the certificate update instruction, assembles a certificate request;
The security authentication device encrypts the certificate request using the certificate renewal key preset in the security authentication device.
Optionally, the security authentication device receiving a certificate update instruction includes:
The security authentication device receives a certificate update instruction sent by a security authentication client;
The security authentication device sending the certificate request includes:
The security authentication device sends the certificate request to the security authentication client, the security authentication client being used to send the certificate request to the security authentication server.
Optionally, after the security authentication device sends the certificate request, the method further includes:
The security authentication device receives the security certificate issued by the security authentication server; the security certificate is received by the security authentication client from the security authentication server and written into the security authentication device.
A security authentication device, including:
A first receiving module, used to receive a certificate update instruction;
A certificate request generation module, used to generate a certificate request, according to the certificate update instruction, using a certificate renewal key preset in the security authentication device;
A sending module, used to send the certificate request, the certificate request being used to apply for a certificate from a security authentication server.
Optionally, the certificate request generation module includes:
An assembly unit, used to assemble a certificate request according to the certificate update instruction;
An encryption unit, used to encrypt the certificate request using the certificate renewal key preset in the security authentication device.
Optionally, the first receiving module being used to receive a certificate update instruction includes:
The first receiving module is specifically used to receive a certificate update instruction sent by a security authentication client;
The sending module being used to send the certificate request includes:
The sending module is specifically used to send the certificate request to the security authentication client, the security authentication client being used to send the certificate request to the security authentication server.
Optionally, the device further includes:
A second receiving module, used to receive, after the certificate request is sent, the security certificate issued by the security authentication server; the security certificate is received by the security authentication client from the security authentication server and written into the security authentication device.
An update system, including:
A security authentication client, used to send a certificate update instruction;
A security authentication device, used to generate a certificate request, according to the certificate update instruction, using a first certificate renewal key preset in the security authentication device, and to send the certificate request to the security authentication client.
Optionally, the system further includes:
A security authentication server, used to receive the certificate request sent by the security authentication client, decrypt the certificate request using a preset second certificate renewal key, and generate a security certificate according to the decrypted certificate request; the first certificate renewal key is identical to the second certificate renewal key, and both are generated in advance by the security authentication server.
In the update method and system and the security authentication device described in the present application, after the security authentication device receives an update instruction, it generates a certificate request using the certificate renewal key preset in the security authentication device, and the certificate request is then used to apply for a certificate from the security authentication server. Because the certificate request is generated using the certificate renewal key preset in the security device, that is, the certificate request is encrypted inside the security authentication device, and because the security authentication device itself can resist attacks and avoid key exposure, the certificate request generated in the security authentication device has higher security. The risk that the certificate request is tampered with can therefore be reduced, which improves the security of the update process.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present application or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of an update method disclosed in an embodiment of the present application;
Fig. 2 is a flow chart of another update method disclosed in an embodiment of the present application;
Fig. 3 is a structural diagram of a security authentication device disclosed in an embodiment of the present application;
Fig. 4 is a structural diagram of an update system disclosed in an embodiment of the present application.
Detailed description of the embodiments
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in the present application without creative effort fall within the scope of protection of the present application.
An update method disclosed in an embodiment of the present application, as shown in Fig. 1, includes:
S101: the security authentication device receives a certificate update instruction;
S102: the security authentication device, according to the certificate update instruction, generates a certificate request using the certificate renewal key preset in the security authentication device;
S103: the security authentication device sends the certificate request, the certificate request being used to apply for a certificate from the security authentication server.
In the prior art, the certificate request is generated in the online banking client. The online banking client is easily subjected to illegal attacks, so the certificate request is easily tampered with, allowing an attacker to obtain a valid certificate using public and private keys known to the attacker. Using this information, the attacker can sign transactions with the private key known to the attacker, and signature verification at the server will also pass, achieving the purpose of fraudulently signing transactions.
In this embodiment, because the certificate request is encrypted and generated inside the security authentication device, it can be ensured that the request is not tampered with by an attacker, which ensures the security of the certificate update and further reduces the subsequent risk of fraudulent transaction signing.
In another update method disclosed in an embodiment of the present application, the security authentication device may specifically be an online banking shield; correspondingly, the security authentication client may be an online banking client, and the server corresponding to both is the online banking system server.
As shown in Fig. 2, the method of this embodiment includes the following steps:
S201: the online banking client calls the vendor's cryptographic service provider (CryptographicServiceProvider, CSP) and generates a certificate update instruction;
S202: the online banking client sends the certificate update instruction to the online banking shield;
S203: the online banking shield, according to the certificate update instruction, assembles a certificate request;
The certificate request includes a certificate request information part (made up of information such as Version, DistinguishedName, PublicKey and Attributes) and a signature part (made up of the signature algorithm and the digital signature).
The steps for assembling the certificate request:
1. Form the certificate request information from Version, DistinguishedName, PublicKey and Attributes;
2. Use the PrivateKey in the online banking shield to sign the digest of the above certificate request information, obtaining the signature result of the certificate request information;
3. Combine the certificate request information, the signature algorithm and the signature result to form the plaintext certificate request.
S204: the online banking shield encrypts the certificate request using the certificate renewal key preset in it;
S205: the online banking shield sends the encrypted certificate request to the online banking client;
S206: the online banking shield sends the encrypted certificate request to the online banking system server;
S207: the online banking system server decrypts the encrypted certificate request using the certificate renewal key;
S208: the online banking system server, according to the decrypted certificate request, returns to the online banking client the corresponding certificate information (hereinafter P7) issued by the CA server;
S209: the online banking client calls the CSP control or the vendor's certificate update library to write the P7 into the online banking shield, which completes the update.
It should be noted that, in this embodiment, the certificate renewal key is randomly generated in advance by the online banking system server when the bank issues the certificate; it can be recorded in the server's preset certificate information table, and it is written into the online banking shield in advance. The composition of the key can be determined by the encryption method or encryption algorithm agreed in advance with the online banking shield. For example, if the TripleDES encryption algorithm is used to protect the certificate P10 public key during certificate update, the certificate renewal key can consist of 16 or 24 characters; if another encryption algorithm such as DES or AES is used, the length and composition of the key are determined by the specific algorithm.
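Steps S203, S204 and S207 as an added example in Go, not code from the patent: the device assembles and signs a P10 (PKCS#10) request, encrypts it under the preset certificate renewal key, and the server decrypts it and verifies the request signature before anything is issued. Assumptions: AES-256-GCM stands in for the cipher mode the text leaves open (it names only TripleDES, DES and AES), the signing key is ECDSA P-256, and the names Device, BuildEncryptedRequest and ServerOpenRequest and all sample values are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// Device models the security authentication device; both keys stay inside it.
type Device struct {
	priv       *ecdsa.PrivateKey
	renewalKey []byte
}

// NewDevice generates the device key pair and stores the preset renewal key.
func NewDevice(renewalKey []byte) (*Device, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv, renewalKey: renewalKey}, nil
}

// newGCM builds AES-GCM; the authenticated mode is an assumption of this example.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BuildEncryptedRequest covers S203 (assemble and sign the P10 inside the
// device) and S204 (encrypt it with the renewal key). Output: nonce || ciphertext.
func (d *Device) BuildEncryptedRequest(commonName string) ([]byte, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}}
	p10, err := x509.CreateCertificateRequest(rand.Reader, tmpl, d.priv)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(d.renewalKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, p10, nil), nil
}

// ServerOpenRequest covers S207: decrypt with the server's copy of the renewal
// key, then parse the P10 and verify its self-signature before issuance.
func ServerOpenRequest(renewalKey, blob []byte) (*x509.CertificateRequest, error) {
	gcm, err := newGCM(renewalKey)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("request shorter than nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	p10, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, fmt.Errorf("not produced under the renewal key: %w", err)
	}
	csr, err := x509.ParseCertificateRequest(p10)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	return csr, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte sample key
	dev, err := NewDevice(key)
	if err != nil {
		panic(err)
	}
	blob, err := dev.BuildEncryptedRequest("constructed-device-0001")
	if err != nil {
		panic(err)
	}
	_, err = ServerOpenRequest(key, blob)
	fmt.Println("genuine request accepted:", err == nil)
	blob[len(blob)-1] ^= 0x01 // altered in transit through the client
	_, err = ServerOpenRequest(key, blob)
	fmt.Println("altered request rejected:", err != nil)
}
```

With an unauthenticated cipher mode the server would have to rely on the P10 self-signature alone, which a request rebuilt around a different key pair also satisfies; the authentication tag is what ties the request to the holder of the renewal key.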
In the method of this embodiment, because the certificate update request is generated inside the online banking shield, the risk that the certificate is illegally tampered with or stolen during the user's certificate update is effectively prevented. This ensures the security of the certificate update process and ensures that the online banking shield certificate is not illegally misappropriated, so that the online banking shield can be better applied in information security fields such as online banking, e-commerce, mobile payment and identity authentication systems.
Corresponding to the above method embodiments, an embodiment of the present application also discloses a security authentication device, as shown in Fig. 3, including:
A first receiving module 301, used to receive a certificate update instruction;
A certificate request generation module 302, used to generate a certificate request, according to the certificate update instruction, using the certificate renewal key preset in the security authentication device;
A sending module 303, used to send the certificate request, the certificate request being used to apply for a certificate from the security authentication server.
Further, in this embodiment, the certificate request generation module 302 may specifically include:
An assembly unit, used to assemble a certificate request according to the certificate update instruction; and an encryption unit, used to encrypt the certificate request using the certificate renewal key preset in the security authentication device.
Further, in this embodiment, the first receiving module 301 receives the certificate update instruction specifically by receiving the certificate update instruction sent by the security authentication client, and the sending module 303 sends the certificate request specifically by sending the certificate request to the security authentication client, the security authentication client being used to send the certificate request to the security authentication server.
Optionally, the device of this embodiment may also include a second receiving module, used to receive, after the certificate request is sent, the security certificate issued by the security authentication server; the security certificate is received by the security authentication client from the security authentication server and written into the security authentication device.
For the process by which the security authentication device of this embodiment performs the certificate update, refer to the above method embodiments; it is not repeated here.
The security authentication device of this embodiment can generate the certificate request itself and encrypt the certificate request using its own preset key, which improves the security of the certificate request and thereby effectively reduces the unsafe factors in the certificate update process.
An embodiment of the present application also discloses an update system, as shown in Fig. 4, including: a security authentication client 401, a security authentication device 402 and a security authentication server 403.
The security authentication client 401 is used to send a certificate update instruction;
The security authentication device 402 is used to generate a certificate request, according to the certificate update instruction, using the first certificate renewal key preset in the security authentication device, and to send the certificate request to the security authentication client;
The security authentication server 403 is used to receive the certificate request sent by the security authentication client, decrypt the certificate request using the preset second certificate renewal key, and generate a security certificate according to the decrypted certificate request;
The first certificate renewal key is identical to the second certificate renewal key, and both are generated in advance by the security authentication server;
The security authentication server 403 is also used to send the security certificate to the security authentication client;
The security authentication client 401 is also used to write the security certificate into the security authentication device.
The update system of this embodiment may be an update system in online banking. Specifically, the security authentication client may be an online banking client, the security authentication device may be an online banking shield, and the security authentication server may be the online banking system server. For the specific interaction flow, refer to the above method embodiments; it is not repeated here.
The system of this embodiment uses the certificate renewal key carried in the security authentication device to generate the certificate request inside the security authentication device. Because the security authentication device has stronger attack resistance than the security authentication client, the system of this embodiment is more secure than generating the certificate request in the security authentication client. It can ensure that the certificate update is not attacked, thereby reducing the risk that the certificate request is modified, which helps protect the security of the client.
If the functions described in the method embodiments of the present application are implemented in the form of software functional units and sold or used as independent products, they may be stored in a storage medium readable by a computing device. Based on this understanding, the part of the embodiments of the present application that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The software product is stored in a storage medium and includes several instructions that cause a computing device (which may be a personal computer, a server, a mobile computing device, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a portable hard disk, read-only memory (ROM, Read-OnlyMemory), random access memory (RAM, RandomAccessMemory), a magnetic disk or an optical disc.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments; for the same or similar parts, the embodiments may be referred to one another.
The above description of the disclosed embodiments enables a person skilled in the art to implement or use the present application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the present application. Therefore, the present application is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An update method, characterized in that it includes:
A security authentication device receives a certificate update instruction;
The security authentication device, according to the certificate update instruction, generates a certificate request using a certificate renewal key preset in the security authentication device;
The security authentication device sends the certificate request, the certificate request being used to apply for a certificate from a security authentication server.
2. The method according to claim 1, characterized in that the security authentication device generating a certificate request using the preset certificate renewal key according to the certificate update instruction includes:
The security authentication device, according to the certificate update instruction, assembles a certificate request;
The security authentication device encrypts the certificate request using the certificate renewal key preset in the security authentication device.
3. The method according to claim 1 or 2, characterized in that the security authentication device receiving a certificate update instruction includes:
The security authentication device receives a certificate update instruction sent by a security authentication client;
The security authentication device sending the certificate request includes:
The security authentication device sends the certificate request to the security authentication client, the security authentication client being used to send the certificate request to the security authentication server.
4. The method according to claim 3, characterized in that, after the security authentication device sends the certificate request, it further includes:
The security authentication device receives the security certificate issued by the security authentication server; the security certificate is received by the security authentication client from the security authentication server and written into the security authentication device.
5. A security authentication device, characterized in that it includes:
A first receiving module, used to receive a certificate update instruction;
A certificate request generation module, used to generate a certificate request, according to the certificate update instruction, using a certificate renewal key preset in the security authentication device;
A sending module, used to send the certificate request, the certificate request being used to apply for a certificate from a security authentication server.
6. The device according to claim 5, characterized in that the certificate request generation module includes:
An assembly unit, used to assemble a certificate request according to the certificate update instruction;
An encryption unit, used to encrypt the certificate request using the certificate renewal key preset in the security authentication device.
7. The device according to claim 5 or 6, characterized in that the first receiving module being used to receive a certificate update instruction includes:
The first receiving module is specifically used to receive a certificate update instruction sent by a security authentication client;
The sending module being used to send the certificate request includes:
The sending module is specifically used to send the certificate request to the security authentication client, the security authentication client being used to send the certificate request to the security authentication server.
8. The device according to claim 7, characterized in that it further includes:
A second receiving module, used to receive, after the certificate request is sent, the security certificate issued by the security authentication server; the security certificate is received by the security authentication client from the security authentication server and written into the security authentication device.
9. An update system, characterized in that it includes:
A security authentication client, used to send a certificate update instruction;
A security authentication device, used to generate a certificate request, according to the certificate update instruction, using a first certificate renewal key preset in the security authentication device, and to send the certificate request to the security authentication client.
10. The system according to claim 9, characterized in that it further includes:
A security authentication server, used to receive the certificate request sent by the security authentication client, decrypt the certificate request using a preset second certificate renewal key, and generate a security certificate according to the decrypted certificate request; the first certificate renewal key is identical to the second certificate renewal key, and both are generated in advance by the security authentication server.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410844587.4A CN105812136A (en) 2014-12-30 2014-12-30 Update method, update system and security authentication device

Publications (1)

Publication Number Publication Date
CN105812136A true CN105812136A (en) 2016-07-27

Family

ID=56420110

Country Status (1)

Country Link
CN (1) CN105812136A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160727
